The present invention relates to microprocessors and microcontrollers.
Ever since the late 1970s, there has been a large and steadily increasing use of microprocessors to implement complex or "smart" systems of various kinds. These include a large number of high-volume mass-market products, such as washing machines, automobiles, televisions, etc. The number of such applications, as well as the dollar volume, has continued to increase.
However, there are many attractive applications where some degree of security is essential. Some examples of such applications might include postage meters, or automatic teller machines, or usage monitoring in rental equipment, or systems for very high software security, or usage monitoring for "pay per view" systems which can access encrypted downloadable software from a cable or broadcast channel.
The security needs of at least some such applications are inadequately met by the heretofore available technology. Some previous inventions of interest have included a microprocessor with encryption, and an electronic (e.g., U.S. Pat. No. 4,168,396 which is hereby incorporated by reference) key which can intersperse false output data with accessed data (e.g., U.S. application Ser. No. 273,698, flined Nov. 21, 1988 which is hereby incorporated by reference).
For many applications, it would be desirable not only to withstand casual tampering by users, but also to withstand determined efforts by black-market copiers. This need is not fully met by a secure system's controller which hides its communications to the system: a determined copier might open and destroy one example of a commercially available part, in order to reverse-engineer it and make numerous working copies.
The disclosed invention provides a nonvolatile microcontroller (or microprocessor) with improved security against tampering, including attempts at active intrusion. According to this invention, a battery-backed microcontroller includes encryption and power management functions, and is combined with a battery and a volatile semiconductor memory (e.g. an SRAM). The microcontroller supplies power to the semiconductor memory (either from a system power supply or from the battery). When a security violation is detected, the microcontroller wipes its encryption registers, and also grounds the power-output pin to the memory. This will destroy all data in the volatile memory. Preferably the data and CE.backslash. lines are also grounded, to prevent any power from getting to the memory array through those lines.